WP AutoShield®: One-Click WordPress Security from cPFence: Page 13 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

cPFence

Seeing new and exclusive modules pop up in cPFence has become a habit for our clients—because we just keep shipping. We’re focused on giving server owners real tools to solve real problems. Today, we’re proud to announce our latest: the Spam AutoShield module. This powerful new addition is built to give you total spam control across your entire Enhance server environment, without breaking a sweat.

How to Get Started?

First, upgrade Rspamd and activate its WebUI by following this guide:
Upgrade Rspamd Guide
Then, activate Spam AutoShield with:
```
   cpfence --activate-spam-autoshield
```

New Helper Tool: Username-Based Symlinks for /var/www

Create cPanel-style paths like /var/www/username for easier navigation—super handy for sysadmins and developers.

Create symlinks:
```
  cpfence --create-user-homelinks
```
Remove symlinks:
```
  cpfence --remove-user-homelinks
```

More info on our change logs page.
https://cpfence.app/changelogs/

xyzulu

cPFence Create cPanel-style paths like /var/www/username for easier navigation

A better, in my opinion, suggestion is to have the symlinks /var/www/domain.com/ rather than username. Just my own opinion of course.

cPFence

cPFence cpfence --create-user-homelinks

If you want this tool to automatically pick up newly added or removed users/sites, just set up a cron job like this:

/opt/cpfence/app/setup/cpfmain --create-user-homelinks > /dev/null 2>&1

The tool is designed to add or remove symlinks as needed to keep your setup always up to date.

8Dweb

xyzulu I can see that, but if there are aliases, sub-domains, add-ons it might be an issue. I wish it could be both... 😉

cPFence

xyzulu

Thank you for the suggestion. We might consider adding a new helper tool for this in the future, though it’s not as straightforward to implement as the username-based approach.

Kosta

Ban him and delete post lol

xyzulu

Kosta flag it instead of posting

standtech

Kosta Ban who ?

cPFence

xyzulu flag it instead of posting

standtech

A spammer registered and posted here, but the content has already been deleted.

gmakhs

When files are moved into quarantine what prevents them from running server wide since they are transfered using root ?

cPFence

gmakhs

Files quarantined by cPFence are moved to an isolated directory that’s not web-accessible or executed by any service. Ownership and permissions are preserved, files are renamed to prevent accidental execution. Even though root moves them, they’re not executable, not publicly accessible, and can’t run unless the admin manually restores and reactivates them.

gmakhs

cPFence that's great !

After studying your knowledge base though I see that cpfence is good at detecting sites with issues, but it's not clear to me how it prevent sites from being hacked in real time .

It seems also that scripts like WP hardening need to be run manually every now and then ?

From your kb
To enable Malware Real-Time Protection, use the following command:

cpfence --enable-MRTP

This command activates real-time protection against malware, ensuring immediate detection and response.

What response means ?
Does it just notify and quarantine the file ?
Does it block the malware?
Do I still need to do manual action ?

cPFence

gmakhs

If you enable auto-quarantine, the malware detection module will automatically scan, quarantine infected files, and email you a notification when issues are found, no manual action needed.

As for WP AutoShield, all features run entirely on autopilot. No need to re-run hardening manually. You can read more about it here:
https://cpfence.app/wp-autoshield-one-click-security-for-high-performance-secure-hosting/

Even if a client misconfigures something, WP AutoShield will auto detect and fix issues daily. Our Owl module also monitors all running processes and blocks malware in real time.

That said, advanced users still have access to a powerful arsenal of manual tools if needed, but for most, the default autopilot mode is more than enough and fully recommended.

gmakhs

cPFence
So if I understand correctly, if the file that changed to include the malware is part of the website theme or wordpress core , cpfence will quarantine it and brake the website.

But it doesn't prevent the change from happening correct ?

cPFence

gmakhs

Yes, that's correct. The cPFence Malware Protection module doesn’t lock files to prevent changes, it monitors and scans in real time, and if malware is detected, it will auto-quarantine the file (if auto-quarantine is enabled), even if it’s part of a theme or core file.

On the other hand, the goal of the WP AutoShield module is to automatically enforce strict boundaries and security rules daily, making it significantly harder for attackers to succeed in the first place.

gmakhs

cPFence can you elaborate please ?

As I understand hardening is changing permissions , but the default ones already are safe, so if the user haven't changed them it's the same , or am I wrong ?

cPFence

gmakhs

Hardening goes far beyond just permissions. A default WordPress installation is still exposed to multiple risks and will likely get compromised sooner or later if left as-is.

You can read more on the link I shared earlier, and also on WordPress’s official hardening guide.

WP AutoShield handles all of this automatically. Even if a user later changes something that weakens security, the module will detect and re-apply best practices daily to keep the site protected.

gmakhs

cPFence I am trying to understand how this is more than a cron that edits htaccess and per isions, that runs on an interval .

Also if it goes beyond wordpress which seems to focus only on wordpress and not server security?

Bit ninja has the same price - price model so I am comparing the 2 services

cPFence

gmakhs

The link above already explains most of this, but in short, WP AutoShield does much more than just a cron that edits .htaccess or permissions.

It secures WordPress sites by disabling file editing in admin area, pingbacks, totally block XML-RPC, and risky code execution; enforcing strict file permissions and secure keys; protecting logins with CAPTCHA and rate limiting; renaming the default admin user; running core file integrity checks and quarantine infections; and applying best-practice hardening such as securing wp-config.php, locking down wp-includes, and blocking PHP execution in the uploads folder, even reversing unsafe changes made by clients.

As for server-level protection beyond WordPress, cPFence offers:

IPDB with full IPv6 support (unlike BitNinja)
DDos and Brute-force protection for all services.
WAF
Owl process monitoring and auto-actions.
Real-time malware protection
Spam AutoShield and much more

cPFence is a comprehensive security suite, not just a WordPress tool. I’d recommend trying both products and seeing which fits your environment and security goals best.

gmakhs

cPFence thank you

leonardo

cPFence Honestly, I cant imagine my day to day now without cPFence and I am just sleeping easier knowing I have a set of tools to help me detect issues and help me fix them. I was always concerned as agency owner to move from 3rd party hosting and making our own but your tool def made me make the push and no regrets so far!

« Previous Page Next Page »